Security

Did you know that having an insecure password, clicking on an unknown email attachment or not having up-to-date software could make it possible for someone to…

…Read all your email or instant messages?

…View your grades or change your course schedule?

…Read or change anything on your computer?

…Read or change anything accessed from your computer?

…Turn on your computer’s microphone to listen in on conversations?

…Use your computer for a computer crime for which you may be blamed?

Did you know that University of Idaho computers are scanned constantly from around the world by people looking for computers whose operators have made these mistakes?
The University of Idaho network is “scanned” approximately 450,000 times a day by individuals outside of the university network. This averages to be about 50-60 scans on EVERY computer on the network EVERY day. As an analogy…what type of security would you want for your house if a burglar checked your door 50-60 times a day trying to break-in? Did you also know that the security of your account and computer is largely dependent on how your co-workers and fellow students use their computer and accounts?

Why is it important to have a secure password?

The University of Idaho relies on highly secure computing systems for everyday work. This includes sending and receiving email, registering for classes, paying for classes online, sharing documents and files with co-workers, and many more critical activities. Having a secure password not only allows you to be safe when computing at the UI but it also keeps your account from being used for illegal activities without your knowledge.

What if the email, files and other material on my account are not confidential?

When a single account is compromised on a system it increases the potential to have all accounts on the system compromised. This means, since you are responsible for your account and password, you may be considered responsible for illegal break-in attempts to other accounts.

Even though you may not consider your email, class registration, or work activities confidential, many security breaches can involve deletion or corruption of data, mass email (with potentially questionable material) sent from the account, and as mentioned before, the attempted use of the account for illegal break-ins on other systems or accounts.

Why do my passwords expire?

To ensure the security of mission critical services at the university we have implemented password expirations. When a password expires you will be notified during login to obtain a new password. This was primarily done to make password “cracking”, or guessing, more difficult but it was also done to comply with independent state auditors on their recommendation to expire passwords.

Don’t complex rules and password expiration cause people to write down their passwords? Doesn’t that defeat the security?

No, this is a “post-it note” myth. Although it is not recommended that you write down your password on a post-it note and hook it to your monitor it is far better to have a secure password, that may be a little more difficult to remember, than an easy to guess/crack password. Almost 100% of break-in attempts are executed through the computer network NOT by physical access to a computer in a locked room.

Install personal firewall software. Personal firewall software stops attempts from outside computers to connect to services on your machine (that you may not know you are running). Windows XP has a built in firewall that we recommend you enable. Contact the Help Desk for assistance.

Do not click on unknown email attachments

Keep your operating system up-to-date. Visit your vendor’s update sites often to check for security patches or allow applications to check for updates.